SCO Customer Support Says Server Down for "Upgrade or Update or Something"
Monday, August 25 2003 @ 02:13 PM EDT

I suggest anyone interested in this story read through the comments from yesterday and today on Groklaw. Some really fine investigation has been done, including this report from John Gabriel, whose own sleuthing yesterday made him wonder about the report about an attack on SCO's servers, so he called SCO today:

"I called the 1(800)SCO-Unix number. First I talked to someone named Michael in Inside Sales. I thought that was odd and I must have hit the wrong button, but no big deal, maybe he can answer the question anyway. So, Michael tells me that they are working on it but he doesn't know what the problem is.

"Ok. I'm not satisfied with that answer, so I ask for tech support. 'They're working on it,' Michael says, 'they won't have the answer either.'

"I thank him for his time, and call again. This time I go into customer support. I ask for tech. support. The very nice woman on the phone says she will transfer me to Michael, in Inside Sales.

"'Wait," I say, 'I want technical support.'

"'Well, he is the technical support.'

"'Are you telling me you only have one tech support person?'

"'Do you have a contract with us?'

"'No.'

"'Well,' she says, 'Michael sells the tech support contracts.'

"'Oh.'

"'You can try the web.'

"'Your web site is down. Do you know why?'

"'Oh, they took it down for some sort of upgrade or update or something. If you give me your number, I can call you when it comes back up.'

"'No, thank you. I'll just keep checking it. Thanks.'"


This matches what ViaWest tech support indicated to me when I called them yesterday, and while it isn't proof positive, it's at least an indication that there may not be any attack on SCO's website. In time, all the evidence will be out there. For now, you might like to take a look at the work Groklaw readers have done in the last two days, trying to figure out this mystery. Their best guess matches what the SCO Customer Support person told John Gabriel.

At any rate, as John reports, "So, whether or not it's true, that's definitely what they are telling people."

I'm sure there will be more information in the days ahead, but for now, let's just keep watching.

James Dornan just called them too and he was told the same thing:

"I have just called the 800-SCO-UNIX phone line, pressed option #5, and spoke with a 'Customer Care' person about The SCO Group's web site outage. The lady on the phone was cheerful and nice, all the best things you could expect from a person handling problems. She claimed that 'We upgraded the site this weekend, and are having problems getting it up come back up.' "

So, which story is true, do you suppose?


  


Authored by: Anonymous on Monday, August 25 2003 @ 11:22 AM EDT
http://biz.yahoo.com/djus/030825/1353000763_1.html

SCO Group's Web Site Target Of Hacker Attack, Again
SCOX Monday August 25, 1:53 pm ET By Marcelo Prince, Of DOW JONES NEWSWIRES


Rand

Authored by: Anonymous on Monday, August 25 2003 @ 11:29 AM EDT
An off-the-cuff remark by the receptionist who answers the telephone should not be considered a definitive response to the status of the company's web site.
Calibax

Authored by: Anonymous on Monday, August 25 2003 @ 12:01 PM EDT
www.sco.com back but no info about absence.
geoff lane

Authored by: Anonymous on Monday, August 25 2003 @ 12:02 PM EDT
www.sco.com back up, still running Linux. Heh.

http://uptime.netcraft.com/up/graph/?host=www.sco.com


Paul

Authored by: Anonymous on Monday, August 25 2003 @ 12:06 PM EDT
From Netcraft: http://uptime.netcraft.com/up/performance?site=www.sco.com&collector=all

states website was CHANGED August 21 2003

Linux Apache 21-Aug-2003 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC 17-Jun-2003 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.0.3pl1 20-Nov-2002 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.0.3pl1 14-Aug-2002 216.250.140.125 NFT

My formatting broke, after Apache on the first line, 21-Aug-2003 is the "Last Changed" date. Curious btw The kernel source IS still there.... I wonder what is not there anymore?


nm

Authored by: Anonymous on Monday, August 25 2003 @ 12:07 PM EDT
Is it just me, or did SCO take the opportunity during their alleged DDOS to update the site quite a bit?

First, there's the new ads on the front page (I kinda liked that TV on the beach... gone now). Then there's the whole SCOForum hooplah now documented online, with many (and I do mean many) hi-res images to show the world just how glamorous it is to be a modern-day IP pirate:

http://www.sco.com/2003forum/snapindex.html


Belzecue

Authored by: Anonymous on Monday, August 25 2003 @ 12:09 PM EDT
I didn't notice it immediately, but the SCO home page now has a link to www.tarantella.com.

This is curious as Tarantella is the remains of the old SCO and markets web solution software. Yet SCO recently announced that they were going to move into web based solutions and services. Why link to a competitor? Or is there a closer relationship than we have thought?


geoff lane

Authored by: Anonymous on Monday, August 25 2003 @ 12:10 PM EDT
Paul:

The netcraft data says: latest data 21-aug-2003 , thursday last week

But it is interesting to note that the server config seems to have changed that day from

Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC

to

Apache (with no config info)

So it looks like somebody did something to the server config, and maybe screwed up


Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 12:23 PM EDT
Another reader just emailed me that he also called and got the same story from
SCO.
pj

Authored by: Anonymous on Monday, August 25 2003 @ 12:24 PM EDT
has somebody eyes like an eagle and can read what's on this t-shirt?

http://www.sco.com/2003forum/snapimages/forum5%20016_jpg.jpg


andre

Authored by: Anonymous on Monday, August 25 2003 @ 12:25 PM EDT
On the Dow Jones story, that seems to be based on emails to the press from
Raymond, or so it says.
pj

Authored by: Anonymous on Monday, August 25 2003 @ 12:27 PM EDT
Geoff, when new SCO (Caldera) bought UNIX from old SCO (Tarantella), the
majority of the purchase price was in Caldera shares -- about 15.5 million if my
memory serves me correctly. I don't know if Tarantella still owns those shares,
but it certainly would reduce the competitive relationship somewhat.
Calibax

Authored by: Anonymous on Monday, August 25 2003 @ 12:29 PM EDT
I still find it strange that they weren't screaming bloody murder all weekend
long if there were truly a DDoS and then suddenly, after ESR reports on the
unknown 'Internet Engineer', they start reporting an attack. Why does it feel to
me like a great excuse for a total screwup in a server reconfiguration?
Jerry

Authored by: Anonymous on Monday, August 25 2003 @ 12:34 PM EDT
Calibax, They bought back all those shares from Tarantella, as I recall.
pj

Authored by: Anonymous on Monday, August 25 2003 @ 12:36 PM EDT
don't know if this is something new, but the sponsors site which is linked of the sco forum page isn't anymore available.. it's linked to http://www.sco.com/2003forum/sponsors.html .. all sponsors gone?
andre

Authored by: Anonymous on Monday, August 25 2003 @ 12:36 PM EDT
The T-Shirt says:

GOT UNIX IN YOUR LINUX
mumble...mumble
I SAW IT FOR MYSELF AT SCROTUM 2003

I still have not seen independent confirmation about any DDoS attack. And who is Ganesh?


El Tonno

Authored by: Anonymous on Monday, August 25 2003 @ 12:36 PM EDT
Listening in on the Yahoo message board it seems that they have blocked archives from searches and google caches. It also seems as connections are OK from some place and bad from others.

This could indicate that the blocking of searches and google caches interferes with access from some other parts of the internet. These rather technical changes, as opposed to just content, could explain what we are seeing.

Yea, I know there are many if's in here.


Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 12:38 PM EDT
So who did ESR talk to? He supposedly talked to a go-between for the guy who claimed to have done the DOS attack?

And on the stock's continued rise: they have about 5x more "short interest" than the other software companies I checked, and a much smaller "float" (shares that are available for trading). It's a speculator's dream: fat lawsuit in the works, fairly low priced, lots of publicity, and volatile movements. It's a classic setup for a "short squeeze", because as stock prices rise, short sellers HAVE to cough up cash to cover their positions OR buy shares ... UNLESS they owned the stock and sold it short (called selling "Short against the box"). That is a valid way to lock in a profit and (maybe) delay a taxable event. Because an ordinary short seller can lose a lot of money if a stock rises abruptly, with no theoretical limit on the losses, they are quick to jump off and cover their shorts. That leads to more volatility.

One way SCO executives could profit from their holdings (unless it is prohibited by insider trading rules) is by selling "call options" on their stocks. It doesn't appear to be happening.


Tsu Dho Nimh

Authored by: Anonymous on Monday, August 25 2003 @ 12:39 PM EDT
An off-the-cuff remark by the receptionist who answers the telephone should not be considered a definitive response to the status of the company's web site.
Agreed - in my experience, at a company the size of SCO what you hear from the receptionist is often a lot closer to the truth than what you hear from senior mgmt!

Cranky


Cranky Observer

Authored by: Anonymous on Monday, August 25 2003 @ 12:40 PM EDT
hehe, i'm very interested in the "mumble...mumble" :).

The last sentence says: I SAW IT FOR MYSELF AT SCOFORUM 2003. hmm.. did these slides sco showed anybody convince? i can't imagine..


andre

Authored by: Anonymous on Monday, August 25 2003 @ 12:42 PM EDT
An explanation of Short Selling and other resources can be seen here http://stocks.about.com/library/weekly/aa120202a.htm
Rob

Authored by: Anonymous on Monday, August 25 2003 @ 12:44 PM EDT
blocked google caches? well of the whole sco site or just specific ones?

-> http://216.239.33.104/search?q=cache:6NanirOL3o4J:www.sco.com/+sco&hl=de&ie=UTF-8


andre

Authored by: Anonymous on Monday, August 25 2003 @ 12:48 PM EDT
andre: compare that one to the site just now !
Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 12:48 PM EDT
Andre,

The shirt says "GOT UNIX IN YOUR LINUX?"

What else would one expect $SCO?


MajorLeePissed

Authored by: Anonymous on Monday, August 25 2003 @ 12:53 PM EDT
MajorLeePissed: yes, i know, i'm not blind ;). i meant the small part in the middle.

Magnus Lundin: ehm, i compared, google cache is before the sco forum. or what do you mean?


andre

Authored by: Anonymous on Monday, August 25 2003 @ 12:56 PM EDT
andre: Right, so if google can't crawl and cache this site then the cache will stay old, or ?, I don't know much about the google caching scheme. Anyway, presently it only shows that new updated cache has been saved for some time.
Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 12:58 PM EDT
Two other observations, one on the SCOforum pics and the other on the Web site(s):

(1) Isn't it ironic that the podium where the presentation was done seems to be made of cardboard and tissue paper, and is full of holes?

(2) Is there any significance to the fact that apparently www.sco.com and www.caldera.com are exact copies of each other? Is one mirroring the other? According to IP addresses, they're not the same machine, but ya coulda fooled me, judging by the content.


Steve Martin

Authored by: Anonymous on Monday, August 25 2003 @ 01:03 PM EDT
This from the Washington Post (opinion piece, not news story). With mainstream, non-technical press like this. I guess this ride is almost over.

"Baltimore: What's your take on the SCO/Linux battle? I'm afraid that it will go a long way to dampening a lot of innovation in the computer field. The U.S. desperately needs to revise its Intellectual Property laws (both patent and copyrights), but I have real doubts the only benefactors of any reform attempts will be the lawyers. Could this further the flight of the IT industry from the U.S. shores?

"Rob Pegoraro: I was wondering if I'd ever get any questions about this. Here, again, I only know what I read in the papers. What I do know, however, is that the evidence SCO (a developer of Unix software in Utah) has offered in public to back up its claims that its code has been stolen and reused in Linux is... kinda of nonexistent. If a reporter working for me filed a story with equally skimpy proof, I'd tell him to go out and do some real reporting.

"The fact that SCO is then asking companies to pay it licensing fees (starting at $699 a server) without documenting these claims strikes me, personally, as just whacko. I mean, by that logic *I* could claim that I wrote half the Linux kernel. "


r.a.

Authored by: Anonymous on Monday, August 25 2003 @ 01:25 PM EDT
according to the last sentence of r.a.'s post, i really wonder how much trouble and publicity SCO can get with such practices. How and why is that possible? Claim without proof, ehm.. aren't we civilized?
andre

Authored by: Anonymous on Monday, August 25 2003 @ 01:32 PM EDT

I'm not sure about what changes were made to the website, however they haven't made many changes to their ftp site. They're still offering Linux source code, for example. Here is a link to my page where I've documented the files on the various SCO ftp sites. Note that there are over 400 copies of various Linux 2.4 kernel source rpms on ftp.sco.com.

Also note that I've found a former SCO mirror site that still appears to have all the files still there. Inside that mirror I found the BPF code that was presented as stolen from Unix. I've also documented this on the page I mentioned.


Frank

Authored by: Anonymous on Monday, August 25 2003 @ 01:41 PM EDT
I just linked through linuxtoday.com and found this article: http://linuxtoday.com/infrastructure/2003082501026NWCYLL It appears Eric S. Raymond (Pres, OSI) is saying he has confirmation that SCO went down due to DoS attack. Anybody else know anything about it?
Phil Long

Authored by: Anonymous on Monday, August 25 2003 @ 01:42 PM EDT
nice documented frank. my first impressions is that there aren't any interesting
changes on the sco ftp concerning the sco openlinux or the kernel-sources. any
body discovered something?
andre

Authored by: Anonymous on Monday, August 25 2003 @ 01:53 PM EDT
This is all I can glean from the low res portion of the image (too bad SCO couldn't provide higher res close-ups of the shirt). No guarantees of accuracy. I've left blank underscores for words I couldn't get, if someone else takes a look, we might just get the puzzle solved...

Line 1: ____ SCO owns the legal copyright to Unix System V

Line 2: ____ SCO owns all claims ____ out of ____ by Unix (Linux?) ____

Line 3: ____ ____ ____ proof of direct copying of System V ____ ____

Good luck to whoever tries to finish this. :)


RoQ

Authored by: Anonymous on Monday, August 25 2003 @ 02:10 PM EDT
RoQ: Dang! What did you use to view that image? All I'm getting is blurred text no matter how I process it.

And did anyone notice that they appeared to have put the little trademark symbols after UNIX and LINUX in the title?


Stephen Johnson

Authored by: Anonymous on Monday, August 25 2003 @ 02:15 PM EDT
Not that difficult, it's basically a puzzle. You more-or-less stare at blurred shapes and try and fit words to match the shapes. I'm afraid I can't be any more specific than that.

It's a lot like those blotchy images you stare at just right, then suddenly a sailboat appears...


RoQ

Authored by: Anonymous on Monday, August 25 2003 @ 02:17 PM EDT
Oh, and I did notice the trademark symbols. Pity that SCO doesn't own either trademark :)
RoQ

Authored by: Anonymous on Monday, August 25 2003 @ 02:21 PM EDT
UPDATE: last two words of line 3: "into Linux"

I'm still staring... :)


RoQ

Authored by: Anonymous on Monday, August 25 2003 @ 02:27 PM EDT
Here's my guess:

SCO 0wns the legal copyright to Unix System V SCO 0wns all claims arising out of by Linux vendors SCO has pr00f of direct copying of System V into Linux.

That word on the second line should be doable. The letters look like "solpruim" but that doesn't make any sense. Of course, since has anything put out by SCOX? :)


Raph Levien

Authored by: Anonymous on Monday, August 25 2003 @ 02:32 PM EDT
UPDATE: On the second line, between "arising out of" and "Unix/Linux?" looks like "violations" to me now...

I'm not quite sure I agree with "Linux vendors", since they've not made a single move against distributors, but rather end-users...


RoQ

Authored by: Anonymous on Monday, August 25 2003 @ 02:36 PM EDT
The formatting of my last post was garbled, sorry. RoQ is certainly right about "violations" (hey, "solpruim" was pretty close, no?). I'm still unsure about the word I tagged as "vendors", but it's about the right size - "users" would be way too narrow, and "distributors" would be way too wide.
Raph Levien

Authored by: Anonymous on Monday, August 25 2003 @ 02:36 PM EDT
OK, ok, I now think the last two words on line 2 are "Unix licensees" (since that makes sense). So the final phrase looks like the usual SCO propaganda line, and I can't believe they put it on a T-shirt:

* SCO owns the legal copyright to Unix System V
* SCO owns all claims arising out of violations by Unix licensees (the shut-the-F-up-Novell line item)
* SCO has proof of direct copying of System V into Linux

Enough staring...


RoQ

Authored by: Anonymous on Monday, August 25 2003 @ 02:37 PM EDT
Other topic: On the Linux development process

SCO has argued the impossibility of Linux developing as fast as it does without IBM transferring massive amounts of UNIX code and development methods into Linux.

So I took a look at the changelog for the newly released 2.4.22 kernel, this is an update of an old and stable release. The 2.4.21 kernel was released early june 03.

Since then there has been almost 1400 accepted patches/fixes by some 200 developers. And this is not the 2.5 development and new upcoming 2.6 kernel. It is the old and stable kernel.

On average 7 fixes per developer over 2 1/2 months that are tested and accepted. This shows that Linux developers are not a "rag tag army" and that SCO's argument is wrong. Even a very small fraction of the world's developers has all the necessary knowledge and time to create a competitive OS in an open source environment.


Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 02:53 PM EDT
Wasn't sco's response to redhat due today? I presume at 5:00pm (delaware? time).

What are the consequences of sco missing the deadline?
fava

Authored by: Anonymous on Monday, August 25 2003 @ 02:56 PM EDT
One vote for Eric Raymond not to be leader either of the "Rebel Forces" or the Linux community.

What happened? He was contacted by a "cut-out" (like in the spy movies) who claimed to represent the hacker who took down SCO's website?

So then he contacts the media with the story that the attack started and stopped because of him? Now SCO gets to say its site was down for an entire weekend because of an attack by Linux users and as usual doesn't have to provide any evidence at all?

Absolutely ridiculous. If there was a real "Rebel Leader" we should have held a recall election.

How embarrassing that someone on our side could get caught up in Star Wars/James Bond nonsense in a way that would be helpful to SCO.

And the consequence is that the mainstream press is full of this story instead of the story of the debunked slide presentation. I am disgusted.


r.a.

Authored by: Anonymous on Monday, August 25 2003 @ 03:03 PM EDT
Hackers cut off SCO Web site - A few more links

http://news.com.com/2100-1002_3-5067743.html?tag=fd_top

http://www.nytimes.com/cnet/CNET_2100-1002_3-5067743.html

http://biz.yahoo.com/djus/030825/1353000763_1.html


Elivas

Authored by: Anonymous on Monday, August 25 2003 @ 03:08 PM EDT
"And the consequence is that the mainstream press is full of this story instead of the story of the debunked slide presentation. I am disgusted."

That's exactly why this happened this weekend!


Elivas

Authored by: Anonymous on Monday, August 25 2003 @ 03:19 PM EDT
CNET article criticizes security of OpenServer, but the site was running on Linux and the Full Disclosure list only discusses problems with the version of Apache they were using, that SCO has claimed was patched. An unpatched, and vulnerable Apache, can be a security problem on any OS.

Press is still clueless, they dig a little but do not understand what they find.


Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 03:26 PM EDT
Here is one of the original quotes about MIT

http://www.computerworld.com/governmenttopics/government/legalissues/story/0,10801,81973,00.html

SCO was able to uncover the alleged violations by hiring three teams of experts, including a group from the MIT math department, to analyze the Linux and Unix source code for similarities. "All three found several instances where our Unix source code had been found in Linux," said a SCO spokesman.


quatermass - SCO delenda est

Authored by: Anonymous on Monday, August 25 2003 @ 03:31 PM EDT
Slight correction, there are some discussions about the ftp daemon also, but the same applies, it is not in the OS kernel, it is a service on top of the OS. Since they seem to run a lot of servers on Linux this is about SCO server admin but not OpenServer.
Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 03:53 PM EDT
"You know what? I read it the first time and my mind just automatically filled in the blank without a second thought. I had to go back and reread it to confirm that you'd actually left out the word 'hair'. Bizarre."

Strange, I read it this way - "Darl's really that bad."

:^}


J.F.

Authored by: Anonymous on Monday, August 25 2003 @ 03:54 PM EDT
I don't get it. I have seen no press release so far that cannot be traced down to ESR's letter or to rumors/speculations that one can skim off the web. Is there anything tangible about all this DDoS thingy? Like, err someone from SCOX coming out of the woods and actually saying so? Even if we wouldn't trust him in that case.

20 Karma points to the first who delivers DDoS proof!


El Tonno

Authored by: Anonymous on Monday, August 25 2003 @ 04:04 PM EDT
You know, there probably was a dDoS attack - they happen all the time. Any script
kiddie can launch one, we just don't hear about most of them. I have sites that
have been hit by them, for no discernible reason. There just isn't any reason
for that to take the web site down for three days. Other MAJOR attacks - like to
whitehouse.gov and microsoft.com didn't result in more than an hour or two of
down time. They are either playing for the publicity, they are incompetent or
something else was going on.
Mike Richie

Authored by: Anonymous on Monday, August 25 2003 @ 05:12 PM EDT
My bet is that there was no DoS attack. The press reporting it only quotes ESR and reuses old snippets from SCO about the May attack. For once SCO is being smart and silent: no confirmation or denial needed, the "open source movement" is hurting itself with that story.

It looks like ESR is definitely our McBride: has plans but can't tell them, has anonymous supporters (asking him to be their war leader!), has fantasies about movie characters (will settle for Obiwan Kenobi since James Bond is already taken), and apparently is ready to say anything for his own publicity.

What an embarrassment.


Ph(i)Nk 0

Authored by: Anonymous on Monday, August 25 2003 @ 05:28 PM EDT
PhiNK, see http://biz.yahoo.com/djus/030825/1353000763_1.html

Blake Stowell, an SCO spokesman, said the software company has notified law enforcement authorities about the latest attack,

I agree with your general sentiments, I think ESR set a trap for himself. Great leadership!

1. He makes vague threats in his over-emotional initial open letter. Remember lots of people, including me said it could be construed (for example by SCO) in a bad way, even if it was clear to those in the know, that it wasn't what was intended.

2. When the site goes dead. He then says it's definitely an attack, before that is clear (unless he had some evidence that he didn't disclose)

3. He then gets involved with communicating with the alleged attacker, and announces this all to the world.

4. His comments predictably then get used by SCO (although not as badly as they could have been, maybe McBride was not involved in choosing the quotation to use :-))

5. The whole thing, the "attack", and more importantly the ESR comments, become the news story, instead of the code analysis or MIT thing.

Any of the first 4 could have been different if ESR had acted differently, and the 5th wouldn't have happened.

1. He could have been specific or less emotional, or not written that open letter, and just got on with whatever it is he plans to do. It's not like he had no communication with SCO before.

2. He could have avoided jumping to conclusions, or even speculating

3. When he got contacted, he could have simply quietly called the FBI, or told the guy to stop in private, or whatever, rather than issue more press.

4-5. If SCO are the victims of an attack - it is NOT justified - and is NOT acceptable. Trouble is ESR gave SCO extra ammunition and coverage of their "victim" status, as well as distraction from the issues in dispute.


quatermass - SCO delenda est

Authored by: Anonymous on Monday, August 25 2003 @ 05:36 PM EDT
Concerning the website outage, there are only a few pieces of evidence. Mr. W told ESR he was calling on behalf of Mr. X, who DoS'd the website, somehow making it not look like a DoS, but since decided to call off his bots. Also, Mr. Y, a gentleman in the ViaWest NOC, told Larry Rosenman the sites were being temporarily blocked at InterNAP because of a DDoS. Blake Stowell has said he's contacted law enforcement and is taking it seriously. Finally, News.com's Martin LaMonica says a SCO representative Mr. Z "could not say" where the attacks came from. (Tell me if I'm missing anything.) Of those people, we have no reason not to trust ESR, Martin LaMonica, and Larry Rosenman. We have reason not to trust Blake Stowell and Mr. Z. And we have no information about Mr. W, Mr. X, and Mr. Y.

My point is that it's currently not possible to know whether there was a DDoS or not. It's possible that Mr. W and Mr. X are honest unidentified hackers, that Mr. Y is right, and that Blake Stowell and Mr. Z are telling the truth. It's also possible that Mr. W is McBride, that Mr. X is his janitor who pulled the plug, that Mr. Y was misinformed, and that Blake Stowell and Mr. Z are lying. How would we know? We need technical details of the DDoS from someone we can trust, and tangible proof that it happened. We also need to prove the identities of Mr. W and Mr. X, and to find out why they were so wishy-washy.

I personally fear that there was a DDoS, but I'm still holding out for the tinfoil hat theory.


Nucleon

Authored by: Anonymous on Monday, August 25 2003 @ 05:37 PM EDT
HTTP Headers returned from www.sco.com:

HTTP/1.1 200 OK
Date: Tue, 26 Aug 2003 00:30:03 GMT
Server: Rapidsite/Apa/1.3.27 (Unix) FrontPage/5.0.2.2510 mod_ssl/2.8.12 OpenSSL/0.9.7a
Last-Modified: Tue, 15 Apr 2003 23:03:25 GMT
ETag: "743852a-6a03-3e9c8fbd"
Accept-Ranges: bytes
Content-Length: 27139
Connection: close
Content-Type: text/html

According to about.com, "RapidSite is not a Web server per se; rather, it is a virtual hosting service that runs on a personalized version of Apache. It is a popular alternative to purchasing a dedicated Web server. Platform: Independent."

So, still running apache, the OS is still unknown. Looking...


Paul

[ Reply to This | # ]
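Added example (not part of the comment above and not Apache's own code): the ETag in the posted headers has the three-field hex layout that Apache 1.3 emits by default (inode, size, mtime), so it can be decoded and cross-checked against Content-Length and Last-Modified. The function names are mine; the header text is copied from the comment.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Response headers as posted in the comment above (values copied from the page).
RAW_HEADERS = """\
HTTP/1.1 200 OK
Date: Tue, 26 Aug 2003 00:30:03 GMT
Server: Rapidsite/Apa/1.3.27 (Unix) FrontPage/5.0.2.2510 mod_ssl/2.8.12 OpenSSL/0.9.7a
Last-Modified: Tue, 15 Apr 2003 23:03:25 GMT
ETag: "743852a-6a03-3e9c8fbd"
Accept-Ranges: bytes
Content-Length: 27139
Connection: close
Content-Type: text/html
"""


def parse_headers(raw):
    """Return (status_line, {lowercased-name: value}) from a raw header block."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split at the first colon only
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def decode_apache_etag(etag):
    """Decode an inode-size-mtime ETag; return None if it is not in that form.

    Assumes the mtime field is seconds since the epoch, as in Apache 1.3.
    """
    body = etag.strip()
    if body.startswith("W/"):          # weak validator prefix
        body = body[2:]
    parts = body.strip('"').split("-")
    if len(parts) != 3:
        return None
    try:
        inode, size, mtime = (int(p, 16) for p in parts)
    except ValueError:
        return None
    return {
        "inode": inode,                # inode number on the server's filesystem
        "size": size,                  # file size in bytes
        "mtime": datetime.fromtimestamp(mtime, tz=timezone.utc),
    }


def cross_check(headers):
    """Compare the decoded ETag fields with the other headers of the response."""
    decoded = decode_apache_etag(headers.get("etag", ""))
    if decoded is None:
        return None
    last_mod = parsedate_to_datetime(headers["last-modified"])
    if last_mod.tzinfo is None:        # treat a zone-less date as UTC
        last_mod = last_mod.replace(tzinfo=timezone.utc)
    return {
        "inode": decoded["inode"],
        "size_matches": decoded["size"] == int(headers["content-length"]),
        "mtime_matches": decoded["mtime"] == last_mod,
        # Each banner token names a component and version an observer learns.
        "server_tokens": headers.get("server", "").split(),
    }


if __name__ == "__main__":
    _, hdrs = parse_headers(RAW_HEADERS)
    print(cross_check(hdrs))
    # Server-side hardening for both disclosures (httpd.conf):
    #   FileETag MTime Size   -> drops the inode from the ETag
    #   ServerTokens Prod     -> reduces the Server banner to the product name
```

Both fields agreeing with the other headers confirms the layout, and it shows the served file had not been modified since 15 April 2003 at the time the headers were captured.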

Authored by: Anonymous on Monday, August 25 2003 @ 05:38 PM EDT
Here's another guy who called the 800 number and was told the site was down for an update.
Bob

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 05:49 PM EDT
There was suspiciously heavy traffic on www.sco.com, as shown here: http://news.netcraft.com/

This raises the level of suspicion, but unless samples of the packets involved are analyzed nobody can be positive of a DDoS.


D.

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 05:55 PM EDT
Could be that "our website is down for maintenance and upgrades" sounds like better PR than telling your prospective customers (defendants?) calling "our web site is being attacked by pissed off hackers and we can't cope".
Supa

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 05:56 PM EDT
http://asia.cnet.com/newstech/applications/0,39001094,39148140,00.htm

http://www.theage.com.au/articles/2003/08/26/1061663769161.html


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 05:59 PM EDT
An alternate explanation for the higher response times (click on the picture for
a more recent one) is that everyone and their dog is currently reading the site,
looking for news, downloading kernels to see if they're still there, deciphering
hi-res t-shirts, and so on. On the other hand, towards the beginning the site
was still sometimes reachable. It's interesting that the OS may have
changed.
Nucleon

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 06:10 PM EDT
$ nmap -v -v -O -sS -p 80 -P0 www.sco.com

Starting nmap V. 3.00 ( www.insecure.org/nmap )
Host c7pub-216-250-140-112.center7.com (216.250.140.112) appears to be up ... good.
Initiating SYN Stealth Scan against c7pub-216-250-140-112.center7.com (216.250.140.112)
Adding open port 80/tcp
The SYN Stealth Scan took 0 seconds to scan 1 ports.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
For OSScan assuming that port 80 is open and port 44638 is closed and neither are firewalled
Interesting ports on c7pub-216-250-140-112.center7.com (216.250.140.112):
Port State Service
80/tcp open http
Remote operating system guess: Linux 2.1.19 - 2.2.20
OS Fingerprint:
TSeq(Class=RI%gcd=1%SI=1D2CFA%TS=100HZ)
T1(Resp=Y%DF=Y%W=7F53%ACK=S++%Flags=AS%Ops=MENNTNW)
T2(Resp=N)
T3(Resp=N)
T4(Resp=N)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)

Uptime 266.003 days (since Mon Dec 02 17:04:54 2002)
TCP Sequence Prediction: Class=random positive increments
Difficulty=1912058 (Good luck!)
TCP ISN Seq. Numbers: D5780FF6 D5D706A8 D57B08FC D5BA7781 D5AA7C08 D556C370
IPID Sequence Generation: Busy server or unknown class

Nmap run completed -- 1 IP address (1 host up) scanned in 4 seconds

I really have no idea what most of that means. Apparently nmap can deduce the operating system based on how it packages TCP packets. But, where did that 266 uptime days figure come from? If it's accurate then SCO didn't reboot the machine over the weekend.


Paul

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 06:18 PM EDT
Read the manual. :) "The -O option also enables several other tests. One is the 'Uptime' measurement, which uses the TCP timestamp option (RFC 1323) to guess when a machine was last rebooted. This is only reported for machines which provide this information."

So assuming SCO didn't hack their kernel to put fake information in the TCP layer, then they're running Linux 2.19 and have been for 266 days.


Paul

[ Reply to This | # ]
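Added example (not nmap's code and not part of the comment above): the arithmetic behind the TCP-timestamp uptime guess described in the quoted manual text, run on constructed TSval samples chosen to reproduce the 266.003-day figure at the TS=100HZ rate in the posted scan. The function names, candidate tick rates, sample values and observation time are my assumptions.

```python
from datetime import datetime, timedelta

WRAP = 1 << 32                     # TSval is a 32-bit counter (RFC 1323)
COMMON_RATES_HZ = (2, 100, 1000)   # assumed candidate tick rates to snap to

# Constructed samples: (local seconds since first probe, TSval seen in reply).
SAMPLES = [(i * 0.5, 2298265650 + 50 * i) for i in range(6)]
# Constructed observation time for the last sample (local clock of the observer).
OBSERVED_AT = datetime(2003, 8, 25, 17, 9, 13)


def estimate_rate_hz(samples):
    """Ticks per second between the first and last sample, tolerating one wrap."""
    (t0, v0), (t1, v1) = samples[0], samples[-1]
    if t1 <= t0:
        raise ValueError("samples must span a positive time interval")
    return ((v1 - v0) % WRAP) / (t1 - t0)


def snap_rate(measured_hz, tolerance=0.2):
    """Map a noisy measurement onto a common kernel tick rate, else None."""
    for rate in COMMON_RATES_HZ:
        if abs(measured_hz - rate) <= tolerance * rate:
            return rate
    return None


def estimate_uptime(samples, observed_at):
    """Estimate uptime assuming the counter started near zero at boot.

    Returns None when the clock rate is not recognisable (timestamps absent,
    constant, or randomised), because the division would then be meaningless.
    """
    rate = snap_rate(estimate_rate_hz(samples))
    if rate is None:
        return None
    uptime = timedelta(seconds=samples[-1][1] / rate)
    return {
        "rate_hz": rate,
        "uptime": uptime,
        "boot_time": observed_at - uptime,
        # The counter wraps every 2**32 / rate seconds, so the real uptime may
        # be this estimate plus any whole number of wrap periods.
        "wrap_period": timedelta(seconds=WRAP / rate),
    }


if __name__ == "__main__":
    result = estimate_uptime(SAMPLES, OBSERVED_AT)
    print(result["rate_hz"], "Hz,", result["uptime"], "since", result["boot_time"])
    print("ambiguous modulo", result["wrap_period"])
    # A host that disables TCP timestamps (net.ipv4.tcp_timestamps=0 on Linux),
    # or a kernel that adds a random per-connection offset, yields no usable
    # estimate; a proxy or load balancer in front answers with its own clock.
```

At 100 Hz the counter wraps roughly every 497 days, so a reported 266 days is a lower bound on uptime rather than proof of the last reboot date.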

Authored by: Anonymous on Monday, August 25 2003 @ 06:18 PM EDT
From Eric Raymond's This is, of course, speculation. Eric may have much more information than he shared in his article... but the article as it is looks like there's an even chance that Eric's been taken for a ride. This whole episode stinks of last week's fish.
Chris Cogdon

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 06:18 PM EDT
And by the way, nmap? SCARY.
Paul

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 06:21 PM EDT
From Eric Raymond's article
but it will not actually end until the timers on his 'bots run out.

This could also be translated as "I didn't actually start the DDoS, nor am I sure it's really a DDoS, and since I have no control of it, whatever it is, I obviously can't turn off the attack on a whim. So... I'll just say 'The timers on the bots have to run out, first' so that way the site can appear to stay down a bit more and when it comes back up, it'll look like the attack has ended."

This is, of course, speculation. Eric may have much more information than he shared in his article... but the article as it is looks like there's an even chance that Eric's been taken for a ride. This whole episode stinks of last week's fish.

(Sorry for the screwup in the previous post)


Chris Cogdon

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 06:24 PM EDT
Nucleon,

regarding Mr X, Y, Z, Black, Blue, Red and Larry Rosenham comment

While it might be genuine, I'd like to point out a Larry Rosenham won a $50 gift certificate from SCO on August 7th for being one of the quickest to reply to an email newsletter, I think a SCO reseller newsletter. Link posted in previous comments section.

I don't know whether this is the same Rosenham, or even if it is, whether this should affect your judgement of the post to usenet, but it is another background fact to be aware of.


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 06:45 PM EDT
Going back to the 3 teams, including MIT-related mathematicians - which I think is actually the most important issue of the day

Everything that follows is **Speculation** and **Opinion**:

I've been wondering for a while about SCO paying them...

3 teams, must be 6 people minimum (a team of 1 is not a team by any usual definition), and I think more realistically at least 9 people (I would say 2 people probably doesn't fit definition of team).

They have been variously described as "independent" (repeatedly) and "external". So they can't be SCO employees, I think. They are also described as "experts". And SCO today says they are connected somehow to MIT.

If a person in the team earns $100K per year, a reasonable guess I think, they'd earn $25K per quarter. $25K X 6 people = $150K per quarter. $25 X 9 people = $225K per quarter.

However if they are consultants working for some outside company, SCO paying $25K per quarter, is I think way too low. $25K divided by 60 or so working days in a quarter is = $416 per day. Tell me where you get "expert" MIT-like computer consulting in the US for $416 per day - I'd be surprised. Plus my experience is companies usually charge about (or more than) X2 wage bill for consulting.

So I'd update my *minimum* cost estimate to

$25K X 6 people X 2 = $300K per quarter. $25 X 9 people X 2 = $450K per quarter.

Now this is really an absolute minimum, probably an underestimate, I think that fits my *interpretation* of what SCO says. The reason I say this

1. I'm using an extreme minimal definition of team

2. I'm using very low consulting rates for supposed experts

3. I'm assuming no other costs than paying for the wages/time

So, my *assumption*, is the real bill should be more, probably much more.

The question that follows, is where do SCO put the $300K-$450K (and probably more) expense on their 10-Q. We haven't one 10-Q since this started (and they'll be another one soon). Anybody?

One other thing, McBride, I think said legal costs are $500K-$600K per quarter for SCO at present in conference call or some press statement (somebody look it up please, and confirm?). If the 3 teams are part of this, I can't see much, if anything, being left for other legal expenses.


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 06:48 PM EDT
This has nothing to do with this thread but I didn't know where else to post it. It seems as though discovery has almost started. According to the Utah Federal District Court on 4 August the SCO Group responded to IBM's first set of interrogatories and request for documents. No objections were noted. The document is not yet available publicly. On 14 August IBM responded to SCO's request with some apparent objections. The document is not yet available publicly either. The discovery cutoff date is 10-22-04. There is going to be a lot of paperwork flying. A jury trial is demanded by both parties (old news). Unless Judge Kimball dismisses the case out of hand, the jury is going to be in for an entertaining five weeks. I would hate to be SCO's lawyers as all of those contradictory statements are paraded before the jury.

Glenn


Glenn Thigpen

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 06:52 PM EDT
Has anything happened with Red Hat suit? Was anything supposed to have happened yet?
quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 07:19 PM EDT
Typo correction:

The question that follows, is where do SCO put the $300K-$450K (and probably more) expense on their 10-Q. We have had one 10-Q since this started (and they'll be another one soon). Anybody?

Comments on the math or assumptions in my speculation, very welcome and appreciated?


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 07:33 PM EDT
John,

I've found that the base that netcraft was showing in the graphs
that were shown correlates well with high volume. I agree that the
spikes can mean many things.

Only analysis of *many* of the packets will be
of use. Guess what we will likely never see?

What caused the high volume? I don't know.
Was the high volume abnormal for the site. I don't know.
Will the public see a good selection of the packets that were
received during the period in question? I doubt it.

During the "down time", you and I and others, were able to pinpoint
which services were not available, and which were.

We do not know why, but have some guesses -- speculation, if you will.


D.

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 07:38 PM EDT
> Comments on the math or assumptions

Very close, IMHO. In my previous job, we billed out text-mining gurus at $300/hr, and they would be assisted by graduate students we billed out at $150/hr, at a ratio of ~4 grad students per Ph.D. 'expert'. So figure $900/hr for team of 5, $36K per week * 12 weeks = $432K/quarter.


Bob

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 07:39 PM EDT
quartermass, I'm not familiar with the laws surrounding what you have to list on 10-Q, but in general I like where you're going with this. Either no such analysts were ever paid, or they were paid by someone else -- three guesses who.

But I don't know what standard procedure here is. Will analysts accept payment spread over several installments etc.

Would it be a breach of professional decorum for somebody to call Ms Didio and ask her how much SCO paid her for her informed opinions?

Along these lines, I'm sure somebody with an MBA could probably figure in even more expenses related to elaborate NDAs and extra security guards and so forth that should probably be showing up on 10Q.

Mind you I don't really know what I'm talking about, anybody a CEO here? :)


Paul

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 07:45 PM EDT
quartermass, 10Q's are filed every 90 days with the SEC, on a given company's fiscal year.
The relevant ones for SCOG will be going backward, Dec. 2002, Aug. 2002 etc.,
10Q's are public record.

Per public statements from McBride, they started looking at their unix IP
"last summer". McBride started work at Caldera 28, June 2002.
D.

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 07:58 PM EDT
Paul,

1) Your use of nmap on a network that you do not have responsibility for is at best
an ethical violation, and at worst can place you at risk for criminal
violation of at least three federal "computer crime" laws.

2) The report has no use after the site is up. The only time that a nmap
could have provided any useful information was when the SCOG sites
were down.


D.

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 07:59 PM EDT
The 10Q won't have specific enough detail to find the consultants. I expect them to charge them as a cost of revenue in the SCO Source division. The cost of licensing revenue was 2.16 million in the 1st quarter from their Apr 30 10Q. They say 500-600 thousand was legal fees, Another half a million could possibly be this code scouring project.

They pay the rest to Didio for her analysis. :) Would you do what she's doing for that amount?


r.a.

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 08:09 PM EDT
D,

Thanks for the info. Which laws? I want to read up for future reference. Also, I did limit the scan to port 80, which everybody already knows is open. I wasn't scanning for vulnerabilities, and I don't believe that the information I posted could be used to launch an attack on SCO's systems.

Also, how does NetCraft get this information legally?


Paul

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 08:26 PM EDT
Paul,

Regarding " Would it be a breach of professional decorum for somebody to call Ms Didio and ask her how much SCO paid her for her informed opinions?"

You can find the NDA at LWN, and the open ended question would be: "Did SCOG buy DiDio's writing, or did Yankee Group pay for DiDio's writing."


D.

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 08:37 PM EDT
Paul > quartermass, I'm not familiar with the laws surrounding what you have to list on 10-Q, but in general I like where you're going with this. Either no such analysts were ever paid, or they were paid by someone else -- three guesses who.

My Answer: I'm not yet going anywhere in particular. I have not drawn any conclusions yet. What I think we should be able to determine is how seriously SCO is investigating the code, for how long, etc.

D has widened the time-frame, which gives us more time to research.

Paul> But I don't know what standard procedure here is. Will analysts accept payment spread over several installments etc.

My Answer: I think you are confusing two things. "Analysts" like Yankee etc., and the "research" on code. I do not have direct experience of Yankee Group, but I do with some other similar type analyst firms -- a code research project line-by-line is not something that I think the Yankee type analysts would do, *probably*, AFAIK. The analysts firms that I know, would not do this - they just wrote very general reports on an industry (sometimes ill-informed) and gave speeches.

I also think it's unlikely DiDio or Yankee Group was involved in the "research" aspect, as the timing is all wrong.

In my experience, Analyst type firms, would write general reports or appear in media from time to time anyway - to talk about news - but to get them to do much more (like talk about a specific company or issue) would usually require payment.

For the "research", I can't imagine how SCO could be able to go without paying them indefinitely. They must be paid, or else their firm dies and the workers starve. If you were a researcher, you'd want to be paid, no matter what you found? And in a timely fashion? Right?

Paul> Would it be a breach of professional decorum for somebody to call Ms Didio and ask her how much SCO paid her for her informed opinions?

My answer: Yes, probably, especially if you phrase it like that - you're assuming they paid her. Assumption - not fact.

According to one site, I read, somebody did however ask SCO if they pay Yankee Group, and Stowell said it would be improper to comment. Try to hunt it down, it's on lwn or linuxjournal or some such site.

> Mind you I don't really know what I'm talking about, anybody a CEO here? :)

I am not a CEO or CFO, but I think that I'm (a layman) generally familiar enough with 10-Qs to know roughly what to look for. I haven't looked thru SCO's yet, hard enough, to spot it.

r.a > The 10Q won't have specific enough detail to find the consultants. I expect them to charge them as a cost of revenue in the SCO Source division

That's what I expect too.

I'm somewhat surprised if they are allowed to put litigation expenses in there.

I think McBride said they have or had 8 internal SCO people in there too, so we might have to deduct that.


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 08:52 PM EDT
Paul,

Time for you to do some homework. Each and every law on "internet decency" has
had clauses forbidding the use of tools like portscanners. Each time,
these cases reached the supremes, the first amendment violations
were removed. The rest of the law(s) stands.

Using a portscanner is a grey area. Four seconds is no defense.


D.

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 09:07 PM EDT
Quartermass:

From the 10Q the closest I can find is:
"Cost of Licensing Revenue. Cost of licensing revenue was $2,163,000 for the second quarter and first two quarters of fiscal year 2003 and $0 for the second quarter and first two quarters of fiscal year 2002. Cost of licensing revenue as a percentage of licensing revenue was 26 percent for the second quarter of fiscal year 2003. Cost of licensing revenue includes the salaries and related personnel costs of internal personnel dedicated to the SCOsource licensing initiative, as well as legal and professional fees incurred in connection with the execution of the licensing agreements. We are unable to predict the percentage of cost of licensing revenue for future quarters due to the unpredictability of the related licensing revenue."

If memory serves, they said specifically that they have decided to charge the IBM lawsuit as a cost of sales during their conference call.

Also in the 10Q they add:
The success of our SCOsource licensing initiative, at least initially, will depend to a great extent on the perceived strength of our intellectual property and contractual claims and our willingness to enforce our rights.

That may be their justification for charging the lawsuit as a cost of sales.


r.a.

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 09:23 PM EDT
The article I was hoping not to see.

This seems to be a new one by Robert McMillan IDG News Service, 08/25/03. It has nice juicy quotes from McBride about terrorism. SCO released few (no) details other than that they were attacked.

What makes me so angry is the sense I got from Raymond's letters that said "don't do this but look how powerful I am."

On the other hand, their side makes mistakes and our side makes mistakes.

SCO's basic proposition is who are you going to believe, a listed company or a bunch of hackers? That proposition took some major hits last week because of some big blunders on their part. Enough that they should have had to explain exactly how a ddos took them offline for an entire weekend and they came back with a (slightly) changed site. But a blunder on our side gave some of it back.

I don't expect Raymond to make that mistake again. So we'll just move forward.


r.a.

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 09:43 PM EDT
Has anyone else but ESR confirmed it was a DDOS attack? And does anyone else find it strange that Sco's PR spinmeisters are uncharacteristically silent?

BTW Any thoughts on ESR and his starwarish "stop & rally behind me" statement? As far as I can determine it has created more of a personal backlash than anything else. http://linuxtoday.com/infrastructure/2003082501026NWCYLL


monkymind

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 09:47 PM EDT
What makes me angry is Raymond's intervention has been predictably counter productive (see my earlier post) so far in a variety of ways.

What makes me really angry, is Raymond talking about "we" when referring to the hacker. I'm not sure I want to be in the same "we" as Raymond. And I definitely do NOT want to be in the same "we" as the hacker, if there was one. But, Raymond has allowed himself to be construed as (and to some extent the rest of our side) in that 1st person plural as the alleged hacker.


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 09:55 PM EDT
monkymind: Well, I don't know about others, but I thought the starwarish statement was silly and counterproductive, poor PR too, for lots of reasons I've already stated, including at 8/25/03; 5:28:32 PM. The subsequent statements from ESR, got me fuming. If he's going to do something useful - do it - if he hasn't, then fine, don't - but I do hope he keeps his mouth shut if this is the best he can do.

News: http://www.linuxworld.com/story/33982.htm


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 10:06 PM EDT
Is www.sco.com (216.250.140.112) down again for anyone else? It was back on-line
earlier this evening, but now it's dead again. For me (in St. Louis) it looks
like things are dying at the Denver peer between Level 3 and viawest. I can get
to www.canopy.com (216.250.142.120) and www.vultus.com (216.250.128.235). Maybe
it's just temporary...
Joe Wells

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 10:07 PM EDT
Same ole same ole about perens, new stuff about the NDA though

http://www.cbronline.com/todaysnews/fcbc3decade58eb080256d8e0018bad3


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 10:35 PM EDT
On the whole Eric Raymond thing, I think we have to consider the issue of who he is addressing. Is he really addressing the community at large, or is he speaking to young, outraged "LeEt HaCkErz" who may be frothing at the mouth to go after SCO? If he's speaking to the "LeEt HaCkErz" then I think he's taking the right tone and making conscious use of the Star Wars imagery to make his point. There's also a backhanded message to SCO here, something along the lines of "I speak their language and can unleash them at will."

As to the issue of whether "a friend of a friend" really attacked SCO, at least it's an honest error. At worst, ESR grabbed the issue and ran with it in order to make a point. (I'll bet he and every other Linux bigwig get a dozen "I am leet and I'll take SCO down for you, dude," letterz every day.)

On the subject of consultants, I suspect that we're assuming too much time on their part. After all, the task could be easily automated. I could probably write the necessary code to do diffs and greps on the SCO vs. Linux source code in a day using nothing but simple shell scripts. This would include formatting and some basic stuff that would output filenames and line numbers. Then I'd run them overnight and let them create a report which I would rewrite as necessary.

Given the history of the various Unix code trees, this approach would naturally create a huge number of false positives. I suspect that SCO's consultants wrote such routines (or had them in the can already) and did "good" work on code they didn't understand at all. As a result, we have a lawsuit instead of well educated "suits."

Just my .02 for the day.


Alex Roston

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 10:40 PM EDT
Alex, potential problem with your theory of automated search, is SCO says they haven't finished searching yet. It also doesn't fit (what does) with the fact that claims both increased over time (as you might expect if they did more search time), and once radically decreased (as pointed out in a previous comment from SCO quotes, and I think on Mozillaquest)
quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 10:44 PM EDT
RE: ESR & DDOS Yes - with Sco's code and (non-)MIT experts under fire in the press it does appear to be a particularly poor strategic move for ESR to shoot himself in the foot and divert the attention away.

Joe: www.sco.com is definitely unreachable again .......
12 so-6-2-0-100.mp1.sjo1.Level3.net (64.159.4.73) 279.945 ms 289.453 ms 289.919 ms
13 so-2-0-0.mp1.Denver1.Level3.net (64.159.0.241) 319.936 ms 319.463 ms 319.887 ms *


monkymind

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 11:12 PM EDT
It took SCO four days to trot out their first DDOS media release back in May. It may be the same this time around...


MEDIA ALERT: Statement from SCO regarding Denial of Service attack FBI Investigating Serious Denial of Service Attack Against SCO; Seeks to Confirm Identity of Attacker Lindon, Utah - May 6, 2003 - SCO (Nasdaq: SCOX) today confirmed that on Friday, May 2, 2003 at approximately 10:00 a.m. Mountain Time, it was victimized by a large scale, coordinated Denial of Service (DoS) attack. The attack consumed about 90 percent of the available bandwidth of SCO's service provider for the entire Lindon, Utah backbone.


For the people trying to track down a second report to the Feds about the most recent purported takedown, I suggest you contact this office mentioned in the earlier release:


A special agent for Intrusion Detection at the FBI Cyber Crimes Division in Salt Lake City was contacted and is now analyzing full information on the attacks. Personnel at the U.S. Attorney's office are proceeding with an investigation into the attack.



Belzecue

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 11:23 PM EDT
Yep, the SCO website went down again at 4 GMT. It is a scriptkiddies wet dream with the Netcraft performance monitor publicly available.

I am wondering why I see response times spikes only on the Texas measurement plots.


MathFox

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 11:28 PM EDT

Found an old interview with Darl McDibshit done by Computerworld back in October.

Where do you see SCO in five years? What will SCO be doing then?

I see SCO five years from now being as significant a technology brand as it was five to 10 years ago. We're going to embrace the great things of our past and our roots in Unix and move forward with a strong set of Unix and Linux offerings. On top of the operating systems business, we see a number of solutions-based opportunities, including in retail point-of-sale software. We're not only going to be getting back to where we were, but going beyond that.


Surprisingly this wasn't that long ago, and there is no mention in this article about enforcing their IP.

Click here


SD

[ Reply to This | # ]

Authored by: Anonymous on Tuesday, August 26 2003 @ 03:22 AM EDT
jap, the same as friday evening. trace to sco.com..
 5  ae0-12.mpls2.Zurich1.Level3.net (213.242.66.18)  15.926 ms  14.920 ms  22.090 ms
 6  so-0-0-0.mp1.London2.Level3.net (212.187.128.61)  196.782 ms *  264.509 ms
 7  so-1-0-0.bbr1.Washington1.level3.net (212.187.128.138)  141.347 ms  543.803 ms  504.859 ms
 8  so-3-0-0.mp1.Denver1.Level3.net (64.159.1.113)  370.681 ms  189.781 ms  146.012 ms
 9  gigabitethernet10-0.hsipaccess2.Denver1.Level3.net (64.159.3.122)  163.912 ms !H *  156.106 ms !H

John, could you phone again to sco and report what they say now? =)


andre

[ Reply to This | # ]

Authored by: Anonymous on Tuesday, August 26 2003 @ 03:24 AM EDT
From the NWFUSION link above:

"Terrorists do things designed to intimidate people, and we see a lot of that going on all the time -- people trying to attack us or people that we're associated with," he [McBride]said at the time. "If you look at a DOS attack, that's a form of cyber-terrorism," he said.

I'm now a slightly bit more concerned about the whole thing - it was comical before, because absurd - now though, this is a whole new dimension - political. Will the "war on turr" be expanded, to fight the enemies of freedom, the evil-doers, the open source communists?


DamoDot

[ Reply to This | # ]

Authored by: Anonymous on Tuesday, August 26 2003 @ 03:31 AM EDT
halloween 9! by ESR..

-> http://www.opensource.org/halloween/halloween9.html

if you can read german or want to translate: http://heise.de/newsticker/data/jk-26.08.03-002/


andre

[ Reply to This | # ]

Authored by: Anonymous on Tuesday, August 26 2003 @ 03:35 AM EDT
something new on netcraft: http://news.netcraft.com/archives/2003/08/25/if_you_were_sco_where_would_you_host_your_investor_relations_site.html

interesting.. :)


andre

[ Reply to This | # ]

Authored by: Anonymous on Tuesday, August 26 2003 @ 04:27 AM EDT
About SCO taking 4 days to report the May 2 attack: not so. It was reported on May 2, 6 hours after it started with details about what happened, how it was fixed, direct quotes from Stowell, information about the investigation: http://news.com.com/2100-1002_3-999584.html

Contrast with last week-end alleged attack where 3 days later we have ESR quotes, rehashes from last time, and "The SCO representative could not say where this weekend's strike originated": http://news.com.com/2100-1002_3-5067743.html

McBride calling DoS attackers terrorists doesn't mean they were attacked last week-end. IMHO all their published comments can be attributed to the May attack, or are general comments with no implications to the last event. I think it shows there was nothing, and that they let this story develop by itself and with help from braggers. Every time there is a bombing 3, often unknown, groups claim responsibility. Same thing here, except there was probably no bombing: I don't believe ESR story.


Ph(i)Nk 0

[ Reply to This | # ]

Authored by: Anonymous on Tuesday, August 26 2003 @ 05:32 AM EDT
YAFTI-YA! (Yet another from the Inquirer - Yet Again)

No info though, just the status report: http://www.theinquirer.net/?article=11211

The "SCOX files" continue...


El Tonno

[ Reply to This | # ]

Authored by: Anonymous on Tuesday, August 26 2003 @ 05:33 AM EDT
SCO is invoicing linux customers according to this story.

http://www.commentwire.com/commwire_story.asp?commentwire_ID=4733

Bert


Bert

[ Reply to This | # ]

Authored by: Anonymous on Tuesday, August 26 2003 @ 05:50 AM EDT
Talk about shoddy reporting. SCO must have a lot of shills in the media, when you get statements like:

"While the amount of evidence revealed by SCO is not great, it does appear that it may have a case against IBM and other Unix licensees, particularly given the strength of the Unix licensing agreements passed down to SCO from AT&T [T]."

as found in the datamonitor article Bert linked to above.


MajorLeePissed

[ Reply to This | # ]

Authored by: Anonymous on Tuesday, August 26 2003 @ 05:57 AM EDT
I believe the reason sco.com was down can be found in the other Linux favorable press releases last week. SCO went over their own site with a fine toothed comb, looking for code that needed changing in the old Unix sections. A site does not come up from a DDOS with different OS and webserver info without there has been some type of change, this supports the "SCO employee" who stated the site is down for upgrades.

Lastly, We are providing SCO with a million eyes on any errors in their lawsuit, the court of public opinion does not count in a court of law. We all need to realize SCO reads all the information we post, so we must think before we post.


nm

Authored by: Anonymous on Tuesday, August 26 2003 @ 06:00 AM EDT
About the Heise article at http://heise.de/newsticker/data/jk-26.08.03-002/ : The first paragraph is an introduction of the Halloween 9 document; it ends with: [Halloween 9] summarises the state of affairs nicely, as far as it concerns American business.

Paragraph 2 (bear with the amateurish foreign-foreign language translation):
Whether Linux in Europe is also safe from SCO's claims is a new aspect in the debate. The English lawyer Gary Lea pointed in a letter to the Register to the difference between US and European law. In his letter Lea says he's convinced that European users are sufficiently protected by the GPL from SCO style threats. He doubts that an indemnification licence that could be valid in the USA would be passable in the same way in Europe. In the context of Raymond one may say: Halloween is just an American popular party, that one celebrates lonely in Europe.

The last paragraph states that ESR is on solid ground again after his slip on the DDoS attack.

As a personal note: Gary Lea spoke specifically about English copyright law; I know that Dutch law differs in some significant details: there is a right to use a copyrighted work "for the purpose that it was intended", even if some copying is involved. Distribution remains prohibited.


MathFox

Authored by: Anonymous on Tuesday, August 26 2003 @ 06:23 AM EDT
MIT story:

http://www.theinquirer.net/?article=11208

Hacker story:

http://www.ciol.com/content/news/2003/103082606.asp

http://www.internetnews.com/dev-news/article.php/3068581

Other News:

http://www.it-analysis.com/article.php?articleid=11180


quatermass - SCO delenda est

Authored by: Anonymous on Tuesday, August 26 2003 @ 06:28 AM EDT
MajorLeePissed, I totally agree, that comment just kind of leaps at you. Wonder who the shill is feeding them the ignorant type info? Because they obviously have not looked at documents. Has anyone any idea about the Red Hat vs SCO case? Has an answer been filed? Do we have someone that is from there that can check the info to see?
brenda banks

Authored by: Anonymous on Tuesday, August 26 2003 @ 07:01 AM EDT
Hm, I think too, ESR was too early with his statement. He should first have verified his phone call before sending it to linuxtoday.com. Hope he will do this better next time.

The new Halloween document of ESR sums the whole story up very well and clearly. That's nicely done.


andre

Authored by: Anonymous on Tuesday, August 26 2003 @ 07:02 AM EDT
To quote NASA from a terrible incident: "We seem to have a major malfunction."

Something might have backfired - it might not be a DDoS attack, but a DiDioS foulup...


-r

Authored by: Anonymous on Tuesday, August 26 2003 @ 07:02 AM EDT
There damn well better have been a DoS attack or Blake Stowell is in doodoo for filing a false police report. The feds do not take kindly to wasting their precious time on wild goose chases.... unless of course Stowell was lying about contacting the FBI in order to play the victim card.

NEW YORK (Dow Jones)--SCO Group Inc. (SCOX) has been hit by a coordinated computer attack that has flooded its Web site with traffic, making it inaccessible to many visitors for several days.

It's the second time this year the Linden, Utah, company's Web site has been the target of a denial-of-service attack. In such attacks, hackers use multiple computers to overwhelm a site with traffic.

Blake Stowell, an SCO spokesman, said the software company has notified law enforcement authorities about the latest attack, which has temporarily knocked out the company's U.S. and U.K. Web sites.


sam

Authored by: Anonymous on Tuesday, August 26 2003 @ 07:16 AM EDT
sam: Couldn't, shouldn't, Stowell report that someone claimed a DoS attack on their site and ask for an investigation, even if they haven't noticed it?

And in any case, taken literally, Stowell could be talking about the May 2 attack. I still haven't seen anyone from SCO claiming an attack starting last Friday!


Ph(i)Nk 0

Authored by: Anonymous on Tuesday, August 26 2003 @ 07:22 AM EDT
Sam,

Maybe there was a DoS attack during the time SCO had their server down for maintenance?


Bert

Authored by: Anonymous on Tuesday, August 26 2003 @ 07:23 AM EDT
As of 14:15 GMT, the following SCOX services are back:

www.sco.com - HTTP
www.caldera.com - HTTP
ftp.sco.com - FTP
www.sco.de - HTTP

Enjoy!


El Tonno

Authored by: Anonymous on Tuesday, August 26 2003 @ 07:23 AM EDT
We're looking for verification of an (on-going?) attack on SCOX, but has anyone verified that ESR in fact wrote that thing? I mean, couldn't his site've been hacked?

PJ: Have you had any "direct communication" (e.g. e-mail) with ESR?


-r

Authored by: Anonymous on Tuesday, August 26 2003 @ 07:29 AM EDT
What?! Six days go by without more ranting from $CO??!

This is perplexing. The only news of their antics, so far, is that they are sending out invoices - which should be gold to prosecutors.

Anyone else seen anything?


MajorLeePissed

Authored by: Anonymous on Tuesday, August 26 2003 @ 07:33 AM EDT
Looks like SCO is just up...
-r

Authored by: Anonymous on Tuesday, August 26 2003 @ 07:36 AM EDT
http://www.opensource.org/halloween/halloween9.html

Who profited from the DR-DOS lawsuit - you might be surprised!

http://www.theregister.co.uk/content/archive/9507.html


quatermass - SCO delenda est

Authored by: Anonymous on Tuesday, August 26 2003 @ 07:55 AM EDT
Wrong area for this, but if true it is too good to hold:

http://www.commentwire.com/commwire_story.asp?commentwire_ID=4733

" August 26, 2003 11:58 AM GMT (Datamonitor) - SCO [SCOX] is beginning to invoice Linux users for their use of Unix code that it says has been illegally copied into the open source operating system. This leaves IT shops around the world with a deceptively simple decision: pay the fine, or take a chance."

So, if they are doing it and not just saying it - I guess that the counter suits can now begin.


Authored by: Anonymous on Tuesday, August 26 2003 @ 08:08 AM EDT
If there are really companies who pay, so SCO can really earn money with licensing the Linux kernel, then we are entering a new level of this drama. SCO would earn money for the work of all kernel contributors. I hope if this case will anytime be reality, IBM does what it should do!
andre

Authored by: Anonymous on Tuesday, August 26 2003 @ 08:40 AM EDT
From Yahoo board Msg: 33258 The invoices are out: http://www.commentwire.com/commwire_story.asp?commentwire_ID=4733
Greg T Hill

Authored by: Anonymous on Tuesday, August 26 2003 @ 09:26 AM EDT
I should reload the comments before posting.......
Greg T Hill

Authored by: Anonymous on Tuesday, August 26 2003 @ 10:14 AM EDT
OK, I am about to just start having withdrawal pains. No announcements... the silence is too much, hehehe. I just do not believe there was a DDoS attack. They couldn't stay quiet this long.
brenda banks

Authored by: Anonymous on Tuesday, August 26 2003 @ 10:15 AM EDT
> The invoices are out: commentwire.com

I'm not ready to believe that. The news coverage of this entire soap opera has been appallingly bad when it comes to details like this. This story could be nothing more than another reporter or "analyst" taking McBride's recent comments that they would be issuing invoices Real Soon Now a little too literally.

SCO was going to audit AIX customers Real Soon Now as well. Then they were going to sell those "protection licenses" Real Soon Now, but no one who has called trying to buy one can actually do so.

I want to hear from somebody who actually got an invoice through the mail from SCO. Until that happens, I'm inclined to write this off as more bad journalism.


Bob

Authored by: Anonymous on Tuesday, August 26 2003 @ 10:29 AM EDT
We do know why there haven't been any announcements though, the stocks aren't dropping yet.
brenda banks

Authored by: Anonymous on Tuesday, August 26 2003 @ 10:38 AM EDT
Any news on the Red Hat front? Any one?
quatermass - SCO delenda est

Authored by: Anonymous on Tuesday, August 26 2003 @ 10:44 AM EDT
I find this very strange: here is the first news story I've seen discussing the newest "outage" today. It says this:
    The outage prompted Netcraft to declare that SCO was again the target of a denial-of-service attack. However, the outage was actually due to preventative measures taken by SCO and its hosting service to mitigate the effects of future attacks, according to company spokesman Marc Modersitzki.

I've been to the Netcraft site numerous times over the last several days, and I don't recall that they ever claimed that SCO had been hit by a DoS attack. What they said was, no one can tell. Netcraft itself seems to be down at the moment, but the last time I was there, earlier today, they made no claim at all that "SCO was again the target of a denial-of-service attack." Where do these reporters get this stuff?


Bob

Authored by: Anonymous on Tuesday, August 26 2003 @ 10:45 AM EDT
http://www.nwfusion.com/news/2003/0826scodown.html
quatermass - SCO delenda est

Authored by: Anonymous on Tuesday, August 26 2003 @ 10:49 AM EDT
You know, just when you think it can't get any stranger something else happens. Wonder where the movie script for this is at? As loud as they enjoy being, there is no way they could have kept their mouth shut this long. And where is the Red Hat answer also?
brenda banks

Authored by: Anonymous on Tuesday, August 26 2003 @ 11:05 AM EDT
http://www.tribnet.com/24hour/business/story/979950p-6876368c.html still doesn't sound like an SCO press release
brenda banks

Authored by: Anonymous on Tuesday, August 26 2003 @ 11:54 AM EDT

(Off-topic)

D.,

(OT) Paul's use of nmap to guess at a remote site's operating system is not "portscanning". It's simply analyzing an attempted or aborted connection to port 80. Little nuances in the remote end's TCP stack are analyzed and matched against a database of TCP stack "fingerprints" to make a guess at which operating system is there. In this sense, it is no different from doing a ping, a traceroute, or looking at HTTP headers.

I wish I could also say unequivocally that it's legal, but it's not yet well defined whether any of those are legal; an interesting article on the formulation of access-based computer crime laws can be found here.


pik

[ Reply to This | # ]
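pik's comment above describes how the TCP/IP quirks of a single reply are matched against a fingerprint database to guess the remote operating system. The Python below is an added example, not part of the thread and not nmap's code: it parses two constructed SYN/ACK replies and scores them against a constructed two-entry signature table (the labels `stack-A`/`stack-B`, the field set and the `min_score` threshold are assumptions made for illustration).

```python
import struct

OPT_NAMES = {2: "M", 3: "W", 4: "S", 8: "T"}  # MSS, window scale, SACK-permitted, timestamp

def features(pkt: bytes) -> dict:
    """Pull the fingerprint-relevant fields out of one IPv4/TCP reply."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not IPv4/TCP")
    tcp = pkt[(ver_ihl & 0x0F) * 4:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", tcp[12:16])
    opts, order, mss, i = tcp[20:(off_flags >> 12) * 4], "", None, 0
    while i < len(opts) and opts[i] != 0:      # kind 0 ends the option list
        kind = opts[i]
        if kind == 1:                          # NOP padding is a single byte
            order, i = order + "N", i + 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if kind == 2 and opts[i + 1] == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        order, i = order + OPT_NAMES.get(kind, "?"), i + opts[i + 1]
    # Each hop decrements TTL, so round up to the nearest common initial value.
    ittl = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return {"ittl": ittl, "df": bool(frag & 0x4000), "window": window,
            "mss": mss, "opts": order}

def guess(feat: dict, db: dict, min_score: int = 4):
    """Return the best-matching label, or None when no signature is close enough."""
    def score(sig):
        return sum(feat[k] == v for k, v in sig.items())
    best = max(db, key=lambda name: score(db[name]))
    return best if score(db[best]) >= min_score else None

# Constructed signature table: labels and values are illustrative, not nmap's database.
DB = {
    "stack-A": {"ittl": 64, "df": True, "window": 5792, "mss": 1460, "opts": "MSTNW"},
    "stack-B": {"ittl": 128, "df": False, "window": 65535, "mss": 1460, "opts": "M"},
}
# Constructed SYN/ACK replies (documentation addresses, checksums left as zero).
PKT_A = bytes.fromhex("4500003c0000400039060000c000020ac6336407"
                      "00509c400000000100000002a01216a000000000"
                      "020405b40402080a000000010000000001030300")
PKT_B = bytes.fromhex("4500002c1234000079060000c0000214c6336407"
                      "00509c4100000001000000026012ffff00000000020405b4")
print(guess(features(PKT_A), DB), guess(features(PKT_B), DB))
```

Because every field used here is visible in any ordinary reply, the same parsing works on the defender's side to see what a server's own stack discloses to each client it answers.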

Authored by: Anonymous on Tuesday, August 26 2003 @ 06:28 PM EDT
So SCO is going to bring in the FBI to track down the hacker behind the DDoS attack. Are they sure they want the FBI snooping around SCO? Who knows what they might find.
Morolon


Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )